MSIL/Spy.Agent.CMH malicious file

The MSIL/Spy.Agent.CMH is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What MSIL/Spy.Agent.CMH virus can do?

Dynamic (imported) function loading detected
Authenticode signature is invalid
Anomalous .NET characteristics

How to determine MSIL/Spy.Agent.CMH?


File Info:
name: 349E801A21AFE9EDCA05.mlw
path: /opt/CAPEv2/storage/binaries/3f7cf97aad91ffdff78c539f063fe5a28400e8c14e6774e4b2150985e1f0ba93
crc32: F10E3AFD
md5: 349e801a21afe9edca05c3f9e0e6d153
sha1: 7d16b06970c9dfe083b29fdb93908d08fcc58043
sha256: 3f7cf97aad91ffdff78c539f063fe5a28400e8c14e6774e4b2150985e1f0ba93
sha512: 460e5193323453dee0424d671bda2728f063e747e366f6f369366367bba231ac089b039039bb39d0b7d4dccae20da569d32209f44c9efefc442cd891cb95e17b
ssdeep: 96:KQVNQiHzKQKsL9alJei0G2fxOVkPyngwUyHOp2i6XkYYJvC0MoKlFLKlMuUswzNt:KQVNQuGd0G2pOVnnNHBtkYxlFLKi+S
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T17112F726FB948722C9EF4B3B94B392114332EA435A13EF4F248C556D9DA7B00071B7A4
sha3_384: 278448ce919834bb02988618c0afb2d410f20f042558f14e1e912498f92da6af3e292b705bfa3a1fa476fbfc47f5383c
ep_bytes: ff250020400000000000000000000000
timestamp: 2022-02-04 05:17:21

Version Info:
Translation: 0x0000 0x04b0
FileDescription:  
FileVersion: 0.0.0.0
InternalName: Klarclient.vmp.exe
LegalCopyright:  
OriginalFilename: Klarclient.vmp.exe
ProductVersion: 0.0.0.0
Assembly Version: 0.0.0.0

MSIL/Spy.Agent.CMH also known as:

Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
CAT-QuickHeal	Trojan.WacatacFC.S20328060
ALYac	Gen:Variant.Bulz.11061
Malwarebytes	Spyware.PasswordStealer
K7AntiVirus	Trojan ( 700000121 )
Cybereason	malicious.a21afe
Cyren	W32/MSIL_Troj.ACD.gen!Eldorado
ESET-NOD32	a variant of MSIL/Spy.Agent.CMH
APEX	Malicious
Kaspersky	not-a-virus:VHO:NetTool.Win32.Convagent.gen
BitDefender	Gen:Variant.Bulz.11061
MicroWorld-eScan	Gen:Variant.Bulz.11061
Emsisoft	Gen:Variant.Bulz.11061 (B)
McAfee-GW-Edition	BehavesLike.Win32.Trojan.zt
FireEye	Generic.mg.349e801a21afe9ed
Sophos	Generic ML PUA (PUA)
SentinelOne	Static AI – Malicious PE
Avira	HEUR/AGEN.1101084
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Gen:Variant.Bulz.11061
AhnLab-V3	Malware/Win32.RL_Generic.C3996575
MAX	malware (ai score=87)
Rising	Trojan.Generic/MSIL@AI.100 (RDM.MSIL:iXYPfZurH3+r05ib9jIaEQ)
eGambit	Unsafe.AI_Score_60%
Fortinet	MSIL/Small.CF!tr
BitDefenderTheta	Gen:NN.ZemsilF.34182.am0@a8Ltn@n
AVG	Win32:MalwareX-gen [Trj]
Avast	Win32:MalwareX-gen [Trj]
MaxSecure	Trojan.Malware.300983.susgen

How to remove MSIL/Spy.Agent.CMH?

MSIL/Spy.Agent.CMH removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X